There are basic deliverables that are always present in the output from this service. This foundation can be seen below:
Additional deliverables may be added to the output, based on the findings of the specific analysis.
One of the most prevalent challenges today occurs in the communication between security professionals and the executive management at an organization. At the heart of the challenge is the significantly different perspectives of the two groups, coupled with the difficulty in defining the reflective metric that is security. From the security perspective, the safeguarding of organizational assets requires a focus on tactics techniques and procedures (TTP). This viewpoint tends to build on detailed components of detection and response, and results in the selection of hardware, software, and procedural components that address ongoing or emerging threats. There is little or no data available to the frontline security personnel that would allow them to support a reflective metric, such as the absence of a security incursion.
The executive management perspective works on a basis of risk and exposure, cost and benefit. Decisions are made for the organization as a whole using this foundation. This is irrespective of the area within the organization, of which security is only one. Most executives are not conversant with the detailed technical issues of security and asset protection. Since executives focus on the strategic aspects, the tactical details are outside of the normal purview.
The translation of detailed security needs to critical thinking input is lacking in most organizations. A failure in this translation can be very costly for both sides of the security equation. Without a good benefits analysis for executive decision makers, critically needed security components may be delayed or even omitted. Conversely, executive decision-makers have no way of evaluating relative importance of proposed security components. The CyberBusiness Security Benefits Evaluation product provides a clearly defined translation of the technical security requirements and the organizational benefits expected.
The calibration of cost, benefits, risk, exposure, best practices and other critical action items utilizes the SIL heuristic database. This rapidly-growing and evolving database contains millions of reports of actual production information from operating organizations worldwide. The depth of experiential data provides an actuarial foundation for the risk and exposure profile, as well as, a strong comparison basis for the deliverables in this product.
|Data Collection||FTP and email|
|Size Range||15-60 pages|
|Media||Electronic, maximum of 5 hardcopies|
|Level of Detail||Company and situation specific|
|Timing and Schedule|
|Client Time Contribution||<10 total hours for data collection|
|Project Length||2-3 weeks|
|Delivery Mechanism||Remote meeting with screen display|
|Contract Form||Fixed bid|
|Payment Schedule||Deposit and completion|